From a8ab51df2f1d815033c6c91fc5b4082353f24114 Mon Sep 17 00:00:00 2001 From: Erik Jaegervall Date: Wed, 20 Nov 2024 13:10:24 +0100 Subject: [PATCH 01/11] Fix aiohttp vulnerability --- .project-creation/.skeleton/requirements.in | 2 +- .project-creation/.skeleton/requirements.txt | 20 ++++--- NOTICE-3RD-PARTY-CONTENT.md | 59 ++++++++++--------- README.md | 59 +++++++++++++++++++ examples/seat-adjuster/requirements.in | 2 +- examples/seat-adjuster/requirements.txt | 18 +++--- requirements-links.txt | 1 - requirements.txt | 62 +++++++++++--------- setup.py | 2 +- 9 files changed, 148 insertions(+), 77 deletions(-) diff --git a/.project-creation/.skeleton/requirements.in b/.project-creation/.skeleton/requirements.in index 9291f75c..406f6978 100644 --- a/.project-creation/.skeleton/requirements.in +++ b/.project-creation/.skeleton/requirements.in @@ -15,4 +15,4 @@ grpcio==1.64.1 protobuf==5.27.2 cloudevents==1.11.0 -aiohttp==3.10.5 +aiohttp==3.10.11 diff --git a/.project-creation/.skeleton/requirements.txt b/.project-creation/.skeleton/requirements.txt index 1ac04dd8..3a564d8c 100644 --- a/.project-creation/.skeleton/requirements.txt +++ b/.project-creation/.skeleton/requirements.txt @@ -4,13 +4,13 @@ # # pip-compile # -aiohappyeyeballs==2.4.0 +aiohappyeyeballs==2.4.3 # via aiohttp -aiohttp==3.10.5 +aiohttp==3.10.11 # via -r requirements.in aiosignal==1.3.1 # via aiohttp -async-timeout==4.0.3 +async-timeout==5.0.1 # via aiohttp attrs==24.2.0 # via aiohttp @@ -18,21 +18,25 @@ cloudevents==1.11.0 # via -r requirements.in deprecation==2.1.0 # via cloudevents -frozenlist==1.4.1 +frozenlist==1.5.0 # via # aiohttp # aiosignal grpcio==1.64.1 # via -r requirements.in -idna==3.8 +idna==3.10 # via yarl -multidict==6.0.5 +multidict==6.1.0 # via # aiohttp # yarl -packaging==24.1 +packaging==24.2 # via deprecation +propcache==0.2.0 + # via yarl protobuf==5.27.2 # via -r requirements.in -yarl==1.9.7 +typing-extensions==4.12.2 + # via multidict +yarl==1.17.2 # via aiohttp diff --git a/NOTICE-3RD-PARTY-CONTENT.md b/NOTICE-3RD-PARTY-CONTENT.md index fb514d9b..75745eb5 100644 --- a/NOTICE-3RD-PARTY-CONTENT.md +++ b/NOTICE-3RD-PARTY-CONTENT.md @@ -3,35 +3,35 @@ ## Python | Dependency | Version | License | |:-----------|:-------:|--------:| -|aiohappyeyeballs|2.4.0|Other/Proprietary License
Python Software Foundation License| -|aiohttp|3.10.5|Apache 2.0| +|aiohappyeyeballs|2.4.3|Python Software Foundation License| +|aiohttp|3.10.11|Apache 2.0| |aiosignal|1.3.1|Apache 2.0| |APScheduler|3.10.4|MIT| -|async-timeout|4.0.3|Apache 2.0| +|async-timeout|5.0.1|Apache 2.0| |attrs|24.2.0|MIT| -|build|1.2.1|MIT| +|build|1.2.2.post1|MIT| |cachetools|5.5.0|MIT| |cfgv|3.4.0|MIT| |chardet|5.2.0|LGPL| |click|8.1.7|New BSD| |cloudevents|1.11.0|Apache 2.0| |colorama|0.4.6|BSD| -|coverage|7.6.1|Apache 2.0| -|Deprecated|1.2.14|MIT| +|coverage|7.6.7|Apache 2.0| +|Deprecated|1.2.15|MIT| |deprecation|2.1.0|Apache 2.0| -|distlib|0.3.8|Python Software Foundation License| +|distlib|0.3.9|Python Software Foundation License| |exceptiongroup|1.2.2|MIT| -|filelock|3.15.4|The Unlicense (Unlicense)| -|frozenlist|1.4.1|Apache 2.0| +|filelock|3.16.1|The Unlicense (Unlicense)| +|frozenlist|1.5.0|Apache 2.0| |grpc-stubs|1.53.0.5|MIT| |grpcio|1.64.1|Apache 2.0| |grpcio-tools|1.64.1|Apache 2.0| -|identify|2.6.0|MIT| -|idna|3.8|BSD| +|identify|2.6.2|MIT| +|idna|3.10|BSD| |importlib-metadata|7.1.0|Apache 2.0| |iniconfig|2.0.0|MIT| -|multidict|6.0.5|Apache 2.0| -|mypy|1.11.2|MIT| +|multidict|6.1.0|Apache 2.0| +|mypy|1.13.0|MIT| |mypy-extensions|1.0.0|MIT| |mypy-protobuf|3.6.0|Apache 2.0| |nodeenv|1.9.1|BSD| @@ -41,35 +41,36 @@ |opentelemetry-instrumentation-logging|0.46b0|Apache 2.0| |opentelemetry-sdk|1.25.0|Apache 2.0| |opentelemetry-semantic-conventions|0.46b0|Apache 2.0| -|packaging|24.1|Apache 2.0
BSD| +|packaging|24.2|Apache 2.0
BSD| |paho-mqtt|2.1.0|OSI Approved| |pip|23.0.1|MIT| |pip-tools|7.4.1|BSD| -|platformdirs|4.2.2|MIT| +|platformdirs|4.3.6|MIT| |pluggy|1.5.0|MIT| -|pre-commit|3.8.0|MIT| +|pre-commit|4.0.1|MIT| +|propcache|0.2.0|Apache 2.0| |protobuf|5.27.2|Google License| -|pyproject-api|1.7.1|MIT| -|pyproject-hooks|1.1.0|MIT| -|pytest|8.3.2|MIT| +|pyproject-api|1.8.0|MIT| +|pyproject-hooks|1.2.0|MIT| +|pytest|8.3.3|MIT| |pytest-asyncio|0.24.0|Apache 2.0| -|pytest-cov|5.0.0|MIT| -|pytz|2024.1|MIT| +|pytest-cov|6.0.0|MIT| +|pytz|2024.2|MIT| |PyYAML|6.0.2|MIT| |setuptools|65.5.1|MIT| |six|1.16.0|MIT| -|tomli|2.0.1|MIT| -|tox|4.18.0|MIT| -|types-Deprecated|1.2.9.20240311|Apache 2.0| +|tomli|2.1.0|MIT| +|tox|4.23.2|MIT| +|types-Deprecated|1.2.15.20241117|Apache 2.0| |types-mock|5.1.0.20240425|Apache 2.0| -|types-protobuf|5.27.0.20240626|Apache 2.0| +|types-protobuf|5.28.3.20241030|Apache 2.0| |typing-extensions|4.12.2|Python Software Foundation License| |tzlocal|5.2|MIT| -|virtualenv|20.26.6|MIT| -|wheel|0.44.0|MIT| +|virtualenv|20.27.1|MIT| +|wheel|0.45.0|MIT| |wrapt|1.16.0|BSD| -|yarl|1.9.7|Apache 2.0| -|zipp|3.20.1|MIT| +|yarl|1.17.2|Apache 2.0| +|zipp|3.21.0|MIT| ## Workflows | Dependency | Version | License | |:-----------|:-------:|--------:| diff --git a/README.md b/README.md index c8926b80..72aa9e27 100644 --- a/README.md +++ b/README.md @@ -63,3 +63,62 @@ By default the examples are started using the native middleware. Dapr middleware - [GitHub Issues](https://github.com/eclipse-velocitas/vehicle-app-python-sdk/issues) - [Mailing List](https://accounts.eclipse.org/mailing-list/velocitas-dev) - [Contribution](./CONTRIBUTING.md/) + +### Creating a new release + +1. Tag the commit and upload to GitHub + +Create a tag of the form `vX.Y.X` and upload to the repository. +That will trigger the [release](https://github.com/eclipse-velocitas/vehicle-app-python-sdk/actions/workflows/release.yaml) workflow. +If the action is successfully executed a new [GitHub release](https://github.com/eclipse-velocitas/vehicle-app-python-sdk/releases) shall have been created as well as as +a new version of `velocitas-lib` published in [PyPI](https://pypi.org/project/velocitas-sdk/). + +2. Update examples + +This repository contain some requirement files that reference itself. +We cannot update the version numbers in those files until we have created a [PyPI](https://pypi.org/project/velocitas-sdk/) release, as Continuous Integration then will fail. +But that also means that a released version like will contain references to an older version. + +For now the best approach is to update them on `main` branch after we have created the release. +Update `velocitas-sdk` version number in the following files: + +* `.project-creation/.skeleton/requirements-velocitas.txt` +* `examples/seat-adjuster/requirements-velocitas.txt` + +Use the version number used for the release. + +2. Create a Pull Request and merge the updated version numbers + +### Updating Dependencies + +This repository specify exact Python versions in `setup.py` and other files. +If a version needs to be updated, for example if a vulnerability is detected, the following approach needs to be followed + +1. Update version in `setup.py` if needed +2. Update generated requirement files. + +```bash +pip-compile -U --extra=dev +``` + +3. Update version in `examples/seat-adjuster/requirements.in` if needed +4. Update generated file for Seat Adjuster + +```bash +cd examples/seat-adjuster +pip-compile -U +``` + +5. Update version in `.project-creation/.skeleton/requirements.in` if needed +6. Update generated file for Skeleton + +```bash +cd .project-creation/.skeleton/ +pip-compile -U +``` + +7. Update `NOTICE-3RD-PARTY-CONTENT.md` + +The easiest way to do it is to create a Pull Request. +Then the [check license workflow](https://github.com/eclipse-velocitas/vehicle-app-python-sdk/actions/workflows/check-licenses.yml) will fail as versions used no longer match versions stated in the file. +Copy output from the workflow to the `NOTICE-3RD-PARTY-CONTENT.md` file and update the Pull Request. diff --git a/examples/seat-adjuster/requirements.in b/examples/seat-adjuster/requirements.in index fb374513..b7af1465 100644 --- a/examples/seat-adjuster/requirements.in +++ b/examples/seat-adjuster/requirements.in @@ -15,5 +15,5 @@ grpcio==1.64.1 protobuf==5.27.2 cloudevents==1.11.0 -aiohttp==3.10.5 +aiohttp==3.10.11 packaging==24.1 diff --git a/examples/seat-adjuster/requirements.txt b/examples/seat-adjuster/requirements.txt index 6f5422a4..922f0694 100644 --- a/examples/seat-adjuster/requirements.txt +++ b/examples/seat-adjuster/requirements.txt @@ -4,13 +4,13 @@ # # pip-compile # -aiohappyeyeballs==2.4.0 +aiohappyeyeballs==2.4.3 # via aiohttp -aiohttp==3.10.5 +aiohttp==3.10.11 # via -r requirements.in aiosignal==1.3.1 # via aiohttp -async-timeout==4.0.3 +async-timeout==5.0.1 # via aiohttp attrs==24.2.0 # via aiohttp @@ -18,15 +18,15 @@ cloudevents==1.11.0 # via -r requirements.in deprecation==2.1.0 # via cloudevents -frozenlist==1.4.1 +frozenlist==1.5.0 # via # aiohttp # aiosignal grpcio==1.64.1 # via -r requirements.in -idna==3.8 +idna==3.10 # via yarl -multidict==6.0.5 +multidict==6.1.0 # via # aiohttp # yarl @@ -34,7 +34,11 @@ packaging==24.1 # via # -r requirements.in # deprecation +propcache==0.2.0 + # via yarl protobuf==5.27.2 # via -r requirements.in -yarl==1.9.7 +typing-extensions==4.12.2 + # via multidict +yarl==1.17.2 # via aiohttp diff --git a/requirements-links.txt b/requirements-links.txt index 3cc17303..e69de29b 100644 --- a/requirements-links.txt +++ b/requirements-links.txt @@ -1 +0,0 @@ -git+https://github.com/eclipse-velocitas/vehicle-model-python.git@v0.3.0 diff --git a/requirements.txt b/requirements.txt index d58e70b1..2047047b 100644 --- a/requirements.txt +++ b/requirements.txt @@ -4,19 +4,19 @@ # # pip-compile --extra=dev # -aiohappyeyeballs==2.4.0 +aiohappyeyeballs==2.4.3 # via aiohttp -aiohttp==3.10.5 +aiohttp==3.10.11 # via velocitas_sdk (setup.py) aiosignal==1.3.1 # via aiohttp apscheduler==3.10.4 # via velocitas_sdk (setup.py) -async-timeout==4.0.3 +async-timeout==5.0.1 # via aiohttp attrs==24.2.0 # via aiohttp -build==1.2.1 +build==1.2.2.post1 # via pip-tools cachetools==5.5.0 # via tox @@ -30,23 +30,23 @@ cloudevents==1.11.0 # via velocitas_sdk (setup.py) colorama==0.4.6 # via tox -coverage[toml]==7.6.1 +coverage[toml]==7.6.7 # via pytest-cov -deprecated==1.2.14 +deprecated==1.2.15 # via # opentelemetry-api # velocitas_sdk (setup.py) deprecation==2.1.0 # via cloudevents -distlib==0.3.8 +distlib==0.3.9 # via virtualenv exceptiongroup==1.2.2 # via pytest -filelock==3.15.4 +filelock==3.16.1 # via # tox # virtualenv -frozenlist==1.4.1 +frozenlist==1.5.0 # via # aiohttp # aiosignal @@ -59,19 +59,19 @@ grpcio==1.64.1 # velocitas_sdk (setup.py) grpcio-tools==1.64.1 # via velocitas_sdk (setup.py) -identify==2.6.0 +identify==2.6.2 # via pre-commit -idna==3.8 +idna==3.10 # via yarl importlib-metadata==7.1.0 # via opentelemetry-api iniconfig==2.0.0 # via pytest -multidict==6.0.5 +multidict==6.1.0 # via # aiohttp # yarl -mypy==1.11.2 +mypy==1.13.0 # via velocitas_sdk (setup.py) mypy-extensions==1.0.0 # via mypy @@ -101,7 +101,7 @@ opentelemetry-sdk==1.25.0 # velocitas_sdk (setup.py) opentelemetry-semantic-conventions==0.46b0 # via opentelemetry-sdk -packaging==24.1 +packaging==24.2 # via # build # deprecation @@ -112,7 +112,7 @@ paho-mqtt==2.1.0 # via velocitas_sdk (setup.py) pip-tools==7.4.1 # via velocitas_sdk (setup.py) -platformdirs==4.2.2 +platformdirs==4.3.6 # via # tox # virtualenv @@ -120,35 +120,37 @@ pluggy==1.5.0 # via # pytest # tox -pre-commit==3.8.0 +pre-commit==4.0.1 # via velocitas_sdk (setup.py) +propcache==0.2.0 + # via yarl protobuf==5.27.2 # via # grpcio-tools # mypy-protobuf # velocitas_sdk (setup.py) -pyproject-api==1.7.1 +pyproject-api==1.8.0 # via tox -pyproject-hooks==1.1.0 +pyproject-hooks==1.2.0 # via # build # pip-tools -pytest==8.3.2 +pytest==8.3.3 # via # pytest-asyncio # pytest-cov # velocitas_sdk (setup.py) pytest-asyncio==0.24.0 # via velocitas_sdk (setup.py) -pytest-cov==5.0.0 +pytest-cov==6.0.0 # via velocitas_sdk (setup.py) -pytz==2024.1 +pytz==2024.2 # via apscheduler pyyaml==6.0.2 # via pre-commit six==1.16.0 # via apscheduler -tomli==2.0.1 +tomli==2.1.0 # via # build # coverage @@ -157,33 +159,35 @@ tomli==2.0.1 # pyproject-api # pytest # tox -tox==4.18.0 +tox==4.23.2 # via velocitas_sdk (setup.py) -types-deprecated==1.2.9.20240311 +types-deprecated==1.2.15.20241117 # via velocitas_sdk (setup.py) types-mock==5.1.0.20240425 # via velocitas_sdk (setup.py) -types-protobuf==5.27.0.20240626 +types-protobuf==5.28.3.20241030 # via mypy-protobuf typing-extensions==4.12.2 # via + # multidict # mypy # opentelemetry-sdk + # tox tzlocal==5.2 # via apscheduler -virtualenv==20.26.6 +virtualenv==20.27.1 # via # pre-commit # tox -wheel==0.44.0 +wheel==0.45.0 # via pip-tools wrapt==1.16.0 # via # deprecated # opentelemetry-instrumentation -yarl==1.9.7 +yarl==1.17.2 # via aiohttp -zipp==3.20.1 +zipp==3.21.0 # via importlib-metadata # The following packages are considered to be unsafe in a requirements file: diff --git a/setup.py b/setup.py index ccc680e2..25d69f5d 100644 --- a/setup.py +++ b/setup.py @@ -18,7 +18,7 @@ "grpcio==1.64.1", "protobuf==5.27.2", "cloudevents==1.11.0", - "aiohttp==3.10.5", + "aiohttp==3.10.11", "paho-mqtt==2.1.0", "opentelemetry-distro==0.46b0", "opentelemetry-instrumentation-logging==0.46b0", From a66758f2f0d2e598eb566c18a8196a35114d061b Mon Sep 17 00:00:00 2001 From: Erik Jaegervall Date: Thu, 21 Nov 2024 10:22:28 +0100 Subject: [PATCH 02/11] Test undefined version --- .github/workflows/project-creation.yaml | 5 ++++- .project-creation/.skeleton/requirements-velocitas.txt | 2 +- examples/seat-adjuster/requirements-velocitas.txt | 2 +- 3 files changed, 6 insertions(+), 3 deletions(-) diff --git a/.github/workflows/project-creation.yaml b/.github/workflows/project-creation.yaml index 9f4e818c..764eb039 100644 --- a/.github/workflows/project-creation.yaml +++ b/.github/workflows/project-creation.yaml @@ -92,7 +92,10 @@ jobs: CREATE_ARGS="-e ${{ matrix.example }}" fi velocitas create -c vapp-core-python $CREATE_ARGS - # Velocitas CLI fetches an older merged/released version of the example + # Velocitas CLI fetches an older released version of the example + # This is caused by vehicle-app-template that downloads latest tagged version of pkg-velocitas-main + # and then the SDK version mentioned in components/cores/vapp-python/.project-creation/config.json + # will be used. # But we want to check the one in this repository so lets copy it if [ "${{ matrix.example }}" != "no-example" ]; then cp -r ../sdk/examples/${{ matrix.example }}/* ../app/app diff --git a/.project-creation/.skeleton/requirements-velocitas.txt b/.project-creation/.skeleton/requirements-velocitas.txt index 270004d5..5118258a 100644 --- a/.project-creation/.skeleton/requirements-velocitas.txt +++ b/.project-creation/.skeleton/requirements-velocitas.txt @@ -1 +1 @@ -velocitas-sdk==0.15.4 +velocitas-sdk==0.15.5 diff --git a/examples/seat-adjuster/requirements-velocitas.txt b/examples/seat-adjuster/requirements-velocitas.txt index 270004d5..5118258a 100644 --- a/examples/seat-adjuster/requirements-velocitas.txt +++ b/examples/seat-adjuster/requirements-velocitas.txt @@ -1 +1 @@ -velocitas-sdk==0.15.4 +velocitas-sdk==0.15.5 From 39b2f89c226d0d0f4dd7a9711d4f094c1b9626a9 Mon Sep 17 00:00:00 2001 From: Erik Jaegervall Date: Thu, 21 Nov 2024 11:07:52 +0100 Subject: [PATCH 03/11] Prepare for release --- README.md | 45 ++++++++++++++++++++++++++++-------------- requirements-links.txt | 2 ++ 2 files changed, 32 insertions(+), 15 deletions(-) diff --git a/README.md b/README.md index 72aa9e27..4452d70d 100644 --- a/README.md +++ b/README.md @@ -66,28 +66,39 @@ By default the examples are started using the native middleware. Dapr middleware ### Creating a new release -1. Tag the commit and upload to GitHub +1. Update examples -Create a tag of the form `vX.Y.X` and upload to the repository. -That will trigger the [release](https://github.com/eclipse-velocitas/vehicle-app-python-sdk/actions/workflows/release.yaml) workflow. -If the action is successfully executed a new [GitHub release](https://github.com/eclipse-velocitas/vehicle-app-python-sdk/releases) shall have been created as well as as -a new version of `velocitas-lib` published in [PyPI](https://pypi.org/project/velocitas-sdk/). - -2. Update examples - -This repository contain some requirement files that reference itself. -We cannot update the version numbers in those files until we have created a [PyPI](https://pypi.org/project/velocitas-sdk/) release, as Continuous Integration then will fail. -But that also means that a released version like will contain references to an older version. - -For now the best approach is to update them on `main` branch after we have created the release. +This repository contain some example requirement files that reference the `velocitas-sdk` package created when we release the repository. Update `velocitas-sdk` version number in the following files: * `.project-creation/.skeleton/requirements-velocitas.txt` * `examples/seat-adjuster/requirements-velocitas.txt` -Use the version number used for the release. +Use the version number intended to be used for the release. +As the version has not yet been released an error in Continuous Integration for the +[Project creation](https://github.com/eclipse-velocitas/vehicle-app-python-sdk/actions/workflows/project-creation.yaml) +workflow is expected. + +``` +Running post init hook for 'sdk-installer' +Running 'run'... +ExecExitError: Program returned exit code: 1 +``` + +It is recommended to test locally that the not yet released SDK is compatible with the Seat Adjuster example and then merge the changes +even if Continuos Integration fails. + +2. Tag the commit and upload to GitHub + +Create a tag of the form `vX.Y.X` and upload to the repository. +That will trigger the [release](https://github.com/eclipse-velocitas/vehicle-app-python-sdk/actions/workflows/release.yaml) workflow. +If the action is successfully executed a new [GitHub release](https://github.com/eclipse-velocitas/vehicle-app-python-sdk/releases) shall have been created as well as as +a new version of `velocitas-lib` published in [PyPI](https://pypi.org/project/velocitas-sdk/). + +3. Re-run project creation tests -2. Create a Pull Request and merge the updated version numbers +Now when the updated [PyPI](https://pypi.org/project/velocitas-sdk/) package exists the [Project creation](https://github.com/eclipse-velocitas/vehicle-app-python-sdk/actions/workflows/project-creation.yaml) workflow is expected to succeed if run manually for `main`. +If not you need to troubleshoot why it doesn't. ### Updating Dependencies @@ -122,3 +133,7 @@ pip-compile -U The easiest way to do it is to create a Pull Request. Then the [check license workflow](https://github.com/eclipse-velocitas/vehicle-app-python-sdk/actions/workflows/check-licenses.yml) will fail as versions used no longer match versions stated in the file. Copy output from the workflow to the `NOTICE-3RD-PARTY-CONTENT.md` file and update the Pull Request. + +8. Update examples and create a new release + +As we explicitly use our "own" PyPI package we need to udpate references and create a new release, see release section above. diff --git a/requirements-links.txt b/requirements-links.txt index e69de29b..be4be566 100644 --- a/requirements-links.txt +++ b/requirements-links.txt @@ -0,0 +1,2 @@ +# Needed by some old examples that rely on a pre-generated signal model +git+https://github.com/eclipse-velocitas/vehicle-model-python.git@v0.3.0 From 062000ed71ae0aee4cc5b2c95308ed589dbb07e7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Erik=20Jaegervall=20=28J=C3=A4gervall=29?= <30996601+erikbosch@users.noreply.github.com> Date: Tue, 3 Dec 2024 12:14:07 +0100 Subject: [PATCH 04/11] Apply suggestions from code review Co-authored-by: BjoernAtBosch --- README.md | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/README.md b/README.md index 4452d70d..bee32325 100644 --- a/README.md +++ b/README.md @@ -75,7 +75,7 @@ Update `velocitas-sdk` version number in the following files: * `examples/seat-adjuster/requirements-velocitas.txt` Use the version number intended to be used for the release. -As the version has not yet been released an error in Continuous Integration for the +As the version has not yet been released, an error in Continuous Integration for the [Project creation](https://github.com/eclipse-velocitas/vehicle-app-python-sdk/actions/workflows/project-creation.yaml) workflow is expected. @@ -85,7 +85,7 @@ Running 'run'... ExecExitError: Program returned exit code: 1 ``` -It is recommended to test locally that the not yet released SDK is compatible with the Seat Adjuster example and then merge the changes +It is recommended to test locally if the not yet released SDK is compatible with the Seat Adjuster example and then merge the changes even if Continuos Integration fails. 2. Tag the commit and upload to GitHub @@ -97,12 +97,12 @@ a new version of `velocitas-lib` published in [PyPI](https://pypi.org/project/ve 3. Re-run project creation tests -Now when the updated [PyPI](https://pypi.org/project/velocitas-sdk/) package exists the [Project creation](https://github.com/eclipse-velocitas/vehicle-app-python-sdk/actions/workflows/project-creation.yaml) workflow is expected to succeed if run manually for `main`. +Now, when the updated [PyPI](https://pypi.org/project/velocitas-sdk/) package exists, the [Project creation](https://github.com/eclipse-velocitas/vehicle-app-python-sdk/actions/workflows/project-creation.yaml) workflow is expected to succeed if run manually for `main`. If not you need to troubleshoot why it doesn't. ### Updating Dependencies -This repository specify exact Python versions in `setup.py` and other files. +This repository specifies exact Python versions in `setup.py` and other files. If a version needs to be updated, for example if a vulnerability is detected, the following approach needs to be followed 1. Update version in `setup.py` if needed From dd3030630fb5bf5f02acf0a26802523157dd35fe Mon Sep 17 00:00:00 2001 From: Markus Petke Date: Mon, 10 Mar 2025 07:19:20 +0100 Subject: [PATCH 05/11] update requirements --- .pre-commit-config.yaml | 8 +- .project-creation/.skeleton/requirements.txt | 10 +-- examples/seat-adjuster/requirements.txt | 10 +-- examples/seat-adjuster/tests/unit/test_run.py | 2 +- requirements.txt | 56 ++++++------ tests/integration/inttesthelper_test.py | 3 +- tests/unit/native_locator_test.py | 3 +- tests/unit/native_pubsub_client_test.py | 3 +- velocitas_sdk/model.py | 86 ++++++++----------- velocitas_sdk/vdb/reply.py | 76 ++++++---------- velocitas_sdk/vehicle_app.py | 2 +- 11 files changed, 113 insertions(+), 146 deletions(-) diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 67b38750..5fca8b1a 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -17,7 +17,7 @@ # See https://pre-commit.com/hooks.html for more hooks repos: - repo: https://github.com/pre-commit/pre-commit-hooks - rev: v4.4.0 + rev: v5.0.0 hooks: - id: trailing-whitespace exclude: > @@ -45,7 +45,7 @@ repos: - id: check-merge-conflict - repo: https://github.com/astral-sh/ruff-pre-commit - rev: v0.1.13 + rev: v0.9.10 hooks: - id: ruff args: [--fix, --exclude, "*_pb2.py,*_pb2.pyi,*_pb2_grpc.py,*.log"] @@ -53,7 +53,7 @@ repos: args: [--exclude, "*_pb2.py,*_pb2.pyi,*_pb2_grpc.py,*.log"] - repo: https://github.com/pre-commit/mirrors-mypy - rev: v1.8.0 + rev: v1.15.0 hooks: - id: mypy exclude: > @@ -67,7 +67,7 @@ repos: pass_filenames: false - repo: https://github.com/Lucas-C/pre-commit-hooks - rev: v1.5.4 + rev: v1.5.5 hooks: - id: insert-license files: '.*\.(py|pyi|yaml|yml|sh|in)$' diff --git a/.project-creation/.skeleton/requirements.txt b/.project-creation/.skeleton/requirements.txt index 3a564d8c..59a89fa4 100644 --- a/.project-creation/.skeleton/requirements.txt +++ b/.project-creation/.skeleton/requirements.txt @@ -4,15 +4,15 @@ # # pip-compile # -aiohappyeyeballs==2.4.3 +aiohappyeyeballs==2.5.0 # via aiohttp aiohttp==3.10.11 # via -r requirements.in -aiosignal==1.3.1 +aiosignal==1.3.2 # via aiohttp async-timeout==5.0.1 # via aiohttp -attrs==24.2.0 +attrs==25.1.0 # via aiohttp cloudevents==1.11.0 # via -r requirements.in @@ -32,11 +32,11 @@ multidict==6.1.0 # yarl packaging==24.2 # via deprecation -propcache==0.2.0 +propcache==0.3.0 # via yarl protobuf==5.27.2 # via -r requirements.in typing-extensions==4.12.2 # via multidict -yarl==1.17.2 +yarl==1.18.3 # via aiohttp diff --git a/examples/seat-adjuster/requirements.txt b/examples/seat-adjuster/requirements.txt index 922f0694..384aac05 100644 --- a/examples/seat-adjuster/requirements.txt +++ b/examples/seat-adjuster/requirements.txt @@ -4,15 +4,15 @@ # # pip-compile # -aiohappyeyeballs==2.4.3 +aiohappyeyeballs==2.5.0 # via aiohttp aiohttp==3.10.11 # via -r requirements.in -aiosignal==1.3.1 +aiosignal==1.3.2 # via aiohttp async-timeout==5.0.1 # via aiohttp -attrs==24.2.0 +attrs==25.1.0 # via aiohttp cloudevents==1.11.0 # via -r requirements.in @@ -34,11 +34,11 @@ packaging==24.1 # via # -r requirements.in # deprecation -propcache==0.2.0 +propcache==0.3.0 # via yarl protobuf==5.27.2 # via -r requirements.in typing-extensions==4.12.2 # via multidict -yarl==1.17.2 +yarl==1.18.3 # via aiohttp diff --git a/examples/seat-adjuster/tests/unit/test_run.py b/examples/seat-adjuster/tests/unit/test_run.py index c1836b3f..1f883dad 100644 --- a/examples/seat-adjuster/tests/unit/test_run.py +++ b/examples/seat-adjuster/tests/unit/test_run.py @@ -238,6 +238,6 @@ async def async_raise_exception(*args): async def async_raise_value_error(*args): data = json.loads(get_invalid_request_data_str()) raise ValueError( - f"""Provided position {data['position']} \ + f"""Provided position {data["position"]} \ should not be Greater than 1000 (Max)""" ) diff --git a/requirements.txt b/requirements.txt index 2047047b..b62804ec 100644 --- a/requirements.txt +++ b/requirements.txt @@ -4,35 +4,35 @@ # # pip-compile --extra=dev # -aiohappyeyeballs==2.4.3 +aiohappyeyeballs==2.5.0 # via aiohttp aiohttp==3.10.11 # via velocitas_sdk (setup.py) -aiosignal==1.3.1 +aiosignal==1.3.2 # via aiohttp -apscheduler==3.10.4 +apscheduler==3.11.0 # via velocitas_sdk (setup.py) async-timeout==5.0.1 # via aiohttp -attrs==24.2.0 +attrs==25.1.0 # via aiohttp build==1.2.2.post1 # via pip-tools -cachetools==5.5.0 +cachetools==5.5.2 # via tox cfgv==3.4.0 # via pre-commit chardet==5.2.0 # via tox -click==8.1.7 +click==8.1.8 # via pip-tools cloudevents==1.11.0 # via velocitas_sdk (setup.py) colorama==0.4.6 # via tox -coverage[toml]==7.6.7 +coverage[toml]==7.6.12 # via pytest-cov -deprecated==1.2.15 +deprecated==1.2.18 # via # opentelemetry-api # velocitas_sdk (setup.py) @@ -42,7 +42,7 @@ distlib==0.3.9 # via virtualenv exceptiongroup==1.2.2 # via pytest -filelock==3.16.1 +filelock==3.17.0 # via # tox # virtualenv @@ -59,7 +59,7 @@ grpcio==1.64.1 # velocitas_sdk (setup.py) grpcio-tools==1.64.1 # via velocitas_sdk (setup.py) -identify==2.6.2 +identify==2.6.9 # via pre-commit idna==3.10 # via yarl @@ -71,7 +71,7 @@ multidict==6.1.0 # via # aiohttp # yarl -mypy==1.13.0 +mypy==1.15.0 # via velocitas_sdk (setup.py) mypy-extensions==1.0.0 # via mypy @@ -120,37 +120,33 @@ pluggy==1.5.0 # via # pytest # tox -pre-commit==4.0.1 +pre-commit==4.1.0 # via velocitas_sdk (setup.py) -propcache==0.2.0 +propcache==0.3.0 # via yarl protobuf==5.27.2 # via # grpcio-tools # mypy-protobuf # velocitas_sdk (setup.py) -pyproject-api==1.8.0 +pyproject-api==1.9.0 # via tox pyproject-hooks==1.2.0 # via # build # pip-tools -pytest==8.3.3 +pytest==8.3.5 # via # pytest-asyncio # pytest-cov # velocitas_sdk (setup.py) -pytest-asyncio==0.24.0 +pytest-asyncio==0.25.3 # via velocitas_sdk (setup.py) pytest-cov==6.0.0 # via velocitas_sdk (setup.py) -pytz==2024.2 - # via apscheduler pyyaml==6.0.2 # via pre-commit -six==1.16.0 - # via apscheduler -tomli==2.1.0 +tomli==2.2.1 # via # build # coverage @@ -159,13 +155,13 @@ tomli==2.1.0 # pyproject-api # pytest # tox -tox==4.23.2 +tox==4.24.2 # via velocitas_sdk (setup.py) -types-deprecated==1.2.15.20241117 +types-deprecated==1.2.15.20250304 # via velocitas_sdk (setup.py) -types-mock==5.1.0.20240425 +types-mock==5.2.0.20250306 # via velocitas_sdk (setup.py) -types-protobuf==5.28.3.20241030 +types-protobuf==5.29.1.20250208 # via mypy-protobuf typing-extensions==4.12.2 # via @@ -173,19 +169,19 @@ typing-extensions==4.12.2 # mypy # opentelemetry-sdk # tox -tzlocal==5.2 +tzlocal==5.3.1 # via apscheduler -virtualenv==20.27.1 +virtualenv==20.29.3 # via # pre-commit # tox -wheel==0.45.0 +wheel==0.45.1 # via pip-tools -wrapt==1.16.0 +wrapt==1.17.2 # via # deprecated # opentelemetry-instrumentation -yarl==1.17.2 +yarl==1.18.3 # via aiohttp zipp==3.21.0 # via importlib-metadata diff --git a/tests/integration/inttesthelper_test.py b/tests/integration/inttesthelper_test.py index 325957fa..e61cd8e9 100644 --- a/tests/integration/inttesthelper_test.py +++ b/tests/integration/inttesthelper_test.py @@ -12,7 +12,8 @@ # # SPDX-License-Identifier: Apache-2.0 -""" Tests for methods in VehicleCollectorClient """ +"""Tests for methods in VehicleCollectorClient""" + import pytest from velocitas_sdk.proto.types_pb2 import DataType diff --git a/tests/unit/native_locator_test.py b/tests/unit/native_locator_test.py index 946553a4..4be3d77a 100644 --- a/tests/unit/native_locator_test.py +++ b/tests/unit/native_locator_test.py @@ -12,8 +12,7 @@ # # SPDX-License-Identifier: Apache-2.0 -""" Tests for methods in locator """ - +"""Tests for methods in locator""" import os from unittest import mock diff --git a/tests/unit/native_pubsub_client_test.py b/tests/unit/native_pubsub_client_test.py index 1c7cd900..b068deb5 100644 --- a/tests/unit/native_pubsub_client_test.py +++ b/tests/unit/native_pubsub_client_test.py @@ -12,7 +12,8 @@ # # SPDX-License-Identifier: Apache-2.0 -""" Tests for methods in PubSubClient """ +"""Tests for methods in PubSubClient""" + import os import sys import time diff --git a/velocitas_sdk/model.py b/velocitas_sdk/model.py index df75e273..1bfeda03 100755 --- a/velocitas_sdk/model.py +++ b/velocitas_sdk/model.py @@ -691,100 +691,90 @@ def __init__(self, client): self.__nodes = {} @overload - def add(self, node: DataPointBoolean, value: bool) -> "BatchSetBuilder": - ... + def add(self, node: DataPointBoolean, value: bool) -> "BatchSetBuilder": ... @overload - def add(self, node: DataPointBooleanArray, value: List[bool]) -> "BatchSetBuilder": - ... + def add( + self, node: DataPointBooleanArray, value: List[bool] + ) -> "BatchSetBuilder": ... @overload - def add(self, node: DataPointDouble, value: float) -> "BatchSetBuilder": - ... + def add(self, node: DataPointDouble, value: float) -> "BatchSetBuilder": ... @overload - def add(self, node: DataPointDoubleArray, value: List[float]) -> "BatchSetBuilder": - ... + def add( + self, node: DataPointDoubleArray, value: List[float] + ) -> "BatchSetBuilder": ... @overload - def add(self, node: DataPointFloat, value: float) -> "BatchSetBuilder": - ... + def add(self, node: DataPointFloat, value: float) -> "BatchSetBuilder": ... @overload - def add(self, node: DataPointFloatArray, value: List[float]) -> "BatchSetBuilder": - ... + def add( + self, node: DataPointFloatArray, value: List[float] + ) -> "BatchSetBuilder": ... @overload - def add(self, node: DataPointInt8, value: int) -> "BatchSetBuilder": - ... + def add(self, node: DataPointInt8, value: int) -> "BatchSetBuilder": ... @overload - def add(self, node: DataPointInt8Array, value: List[int]) -> "BatchSetBuilder": - ... + def add(self, node: DataPointInt8Array, value: List[int]) -> "BatchSetBuilder": ... @overload - def add(self, node: DataPointInt16, value: int) -> "BatchSetBuilder": - ... + def add(self, node: DataPointInt16, value: int) -> "BatchSetBuilder": ... @overload - def add(self, node: DataPointInt16Array, value: List[int]) -> "BatchSetBuilder": - ... + def add(self, node: DataPointInt16Array, value: List[int]) -> "BatchSetBuilder": ... @overload - def add(self, node: DataPointInt32, value: int) -> "BatchSetBuilder": - ... + def add(self, node: DataPointInt32, value: int) -> "BatchSetBuilder": ... @overload - def add(self, node: DataPointInt32Array, value: List[int]) -> "BatchSetBuilder": - ... + def add(self, node: DataPointInt32Array, value: List[int]) -> "BatchSetBuilder": ... @overload - def add(self, node: DataPointInt64, value: int) -> "BatchSetBuilder": - ... + def add(self, node: DataPointInt64, value: int) -> "BatchSetBuilder": ... @overload - def add(self, node: DataPointInt64Array, value: List[int]) -> "BatchSetBuilder": - ... + def add(self, node: DataPointInt64Array, value: List[int]) -> "BatchSetBuilder": ... @overload - def add(self, node: DataPointString, value: str) -> "BatchSetBuilder": - ... + def add(self, node: DataPointString, value: str) -> "BatchSetBuilder": ... @overload - def add(self, node: DataPointStringArray, value: List[str]) -> "BatchSetBuilder": - ... + def add( + self, node: DataPointStringArray, value: List[str] + ) -> "BatchSetBuilder": ... @overload - def add(self, node: DataPointUint8, value: int) -> "BatchSetBuilder": - ... + def add(self, node: DataPointUint8, value: int) -> "BatchSetBuilder": ... @overload - def add(self, node: DataPointUint8Array, value: List[int]) -> "BatchSetBuilder": - ... + def add(self, node: DataPointUint8Array, value: List[int]) -> "BatchSetBuilder": ... @overload - def add(self, node: DataPointUint16, value: int) -> "BatchSetBuilder": - ... + def add(self, node: DataPointUint16, value: int) -> "BatchSetBuilder": ... @overload - def add(self, node: DataPointUint16Array, value: List[int]) -> "BatchSetBuilder": - ... + def add( + self, node: DataPointUint16Array, value: List[int] + ) -> "BatchSetBuilder": ... @overload - def add(self, node: DataPointUint32, value: int) -> "BatchSetBuilder": - ... + def add(self, node: DataPointUint32, value: int) -> "BatchSetBuilder": ... @overload - def add(self, node: DataPointUint32Array, value: List[int]) -> "BatchSetBuilder": - ... + def add( + self, node: DataPointUint32Array, value: List[int] + ) -> "BatchSetBuilder": ... @overload - def add(self, node: DataPointUint64, value: int) -> "BatchSetBuilder": - ... + def add(self, node: DataPointUint64, value: int) -> "BatchSetBuilder": ... @overload - def add(self, node: DataPointUint64Array, value: List[int]) -> "BatchSetBuilder": - ... + def add( + self, node: DataPointUint64Array, value: List[int] + ) -> "BatchSetBuilder": ... def add(self, node: DataPoint, value) -> "BatchSetBuilder": node_name = node.get_path() diff --git a/velocitas_sdk/vdb/reply.py b/velocitas_sdk/vdb/reply.py index febadd29..eda5e127 100644 --- a/velocitas_sdk/vdb/reply.py +++ b/velocitas_sdk/vdb/reply.py @@ -31,124 +31,104 @@ def __init__(self, reply: SubscribeReply): self.reply = reply @overload - def get(self, datapoint: "model.DataPointBoolean") -> TypedDataPointResult[bool]: - ... + def get( + self, datapoint: "model.DataPointBoolean" + ) -> TypedDataPointResult[bool]: ... @overload def get( self, datapoint: "model.DataPointBooleanArray" - ) -> TypedDataPointResult[List[bool]]: - ... + ) -> TypedDataPointResult[List[bool]]: ... @overload - def get(self, datapoint: "model.DataPointDouble") -> TypedDataPointResult[float]: - ... + def get( + self, datapoint: "model.DataPointDouble" + ) -> TypedDataPointResult[float]: ... @overload def get( self, datapoint: "model.DataPointDoubleArray" - ) -> TypedDataPointResult[List[float]]: - ... + ) -> TypedDataPointResult[List[float]]: ... @overload - def get(self, datapoint: "model.DataPointFloat") -> TypedDataPointResult[float]: - ... + def get(self, datapoint: "model.DataPointFloat") -> TypedDataPointResult[float]: ... @overload def get( self, datapoint: "model.DataPointFloatArray" - ) -> TypedDataPointResult[List[float]]: - ... + ) -> TypedDataPointResult[List[float]]: ... @overload - def get(self, datapoint: "model.DataPointInt8") -> TypedDataPointResult[int]: - ... + def get(self, datapoint: "model.DataPointInt8") -> TypedDataPointResult[int]: ... @overload def get( self, datapoint: "model.DataPointInt8Array" - ) -> TypedDataPointResult[List[int]]: - ... + ) -> TypedDataPointResult[List[int]]: ... @overload - def get(self, datapoint: "model.DataPointInt16") -> TypedDataPointResult[int]: - ... + def get(self, datapoint: "model.DataPointInt16") -> TypedDataPointResult[int]: ... @overload def get( self, datapoint: "model.DataPointInt16Array" - ) -> TypedDataPointResult[List[int]]: - ... + ) -> TypedDataPointResult[List[int]]: ... @overload - def get(self, datapoint: "model.DataPointInt32") -> TypedDataPointResult[int]: - ... + def get(self, datapoint: "model.DataPointInt32") -> TypedDataPointResult[int]: ... @overload def get( self, datapoint: "model.DataPointInt32Array" - ) -> TypedDataPointResult[List[int]]: - ... + ) -> TypedDataPointResult[List[int]]: ... @overload - def get(self, datapoint: "model.DataPointInt64") -> TypedDataPointResult[int]: - ... + def get(self, datapoint: "model.DataPointInt64") -> TypedDataPointResult[int]: ... @overload def get( self, datapoint: "model.DataPointInt64Array" - ) -> TypedDataPointResult[List[int]]: - ... + ) -> TypedDataPointResult[List[int]]: ... @overload - def get(self, datapoint: "model.DataPointString") -> TypedDataPointResult[str]: - ... + def get(self, datapoint: "model.DataPointString") -> TypedDataPointResult[str]: ... @overload def get( self, datapoint: "model.DataPointStringArray" - ) -> TypedDataPointResult[List[str]]: - ... + ) -> TypedDataPointResult[List[str]]: ... @overload - def get(self, datapoint: "model.DataPointUint8") -> TypedDataPointResult[int]: - ... + def get(self, datapoint: "model.DataPointUint8") -> TypedDataPointResult[int]: ... @overload def get( self, datapoint: "model.DataPointUint8Array" - ) -> TypedDataPointResult[List[int]]: - ... + ) -> TypedDataPointResult[List[int]]: ... @overload - def get(self, datapoint: "model.DataPointUint16") -> TypedDataPointResult[int]: - ... + def get(self, datapoint: "model.DataPointUint16") -> TypedDataPointResult[int]: ... @overload def get( self, datapoint: "model.DataPointUint16Array" - ) -> TypedDataPointResult[List[int]]: - ... + ) -> TypedDataPointResult[List[int]]: ... @overload - def get(self, datapoint: "model.DataPointUint32") -> TypedDataPointResult[int]: - ... + def get(self, datapoint: "model.DataPointUint32") -> TypedDataPointResult[int]: ... @overload def get( self, datapoint: "model.DataPointUint32Array" - ) -> TypedDataPointResult[List[int]]: - ... + ) -> TypedDataPointResult[List[int]]: ... @overload - def get(self, datapoint: "model.DataPointUint64") -> TypedDataPointResult[int]: - ... + def get(self, datapoint: "model.DataPointUint64") -> TypedDataPointResult[int]: ... @overload def get( self, datapoint: "model.DataPointUint64Array" - ) -> TypedDataPointResult[List[int]]: - ... + ) -> TypedDataPointResult[List[int]]: ... def get(self, datapoint: "model.DataPoint"): datapoint_type = datapoint.__class__.__name__ diff --git a/velocitas_sdk/vehicle_app.py b/velocitas_sdk/vehicle_app.py index 06c2728c..d955e699 100644 --- a/velocitas_sdk/vehicle_app.py +++ b/velocitas_sdk/vehicle_app.py @@ -12,7 +12,7 @@ # # SPDX-License-Identifier: Apache-2.0 -""" This module contains the Vehicle App base class. """ +"""This module contains the Vehicle App base class.""" import asyncio import inspect From 9325d11a22fa102149712e59dac74a99467ace4b Mon Sep 17 00:00:00 2001 From: Markus Petke Date: Mon, 10 Mar 2025 06:47:59 +0000 Subject: [PATCH 06/11] fix licenses --- NOTICE-3RD-PARTY-CONTENT.md | 54 ++++++++++++++++++------------------- 1 file changed, 26 insertions(+), 28 deletions(-) diff --git a/NOTICE-3RD-PARTY-CONTENT.md b/NOTICE-3RD-PARTY-CONTENT.md index 75745eb5..06fde8e6 100644 --- a/NOTICE-3RD-PARTY-CONTENT.md +++ b/NOTICE-3RD-PARTY-CONTENT.md @@ -3,35 +3,35 @@ ## Python | Dependency | Version | License | |:-----------|:-------:|--------:| -|aiohappyeyeballs|2.4.3|Python Software Foundation License| +|aiohappyeyeballs|2.5.0|Python Software Foundation License| |aiohttp|3.10.11|Apache 2.0| -|aiosignal|1.3.1|Apache 2.0| -|APScheduler|3.10.4|MIT| +|aiosignal|1.3.2|Apache 2.0| +|APScheduler|3.11.0|MIT| |async-timeout|5.0.1|Apache 2.0| -|attrs|24.2.0|MIT| +|attrs|25.1.0|unknown| |build|1.2.2.post1|MIT| -|cachetools|5.5.0|MIT| +|cachetools|5.5.2|MIT| |cfgv|3.4.0|MIT| |chardet|5.2.0|LGPL| -|click|8.1.7|New BSD| +|click|8.1.8|BSD| |cloudevents|1.11.0|Apache 2.0| |colorama|0.4.6|BSD| -|coverage|7.6.7|Apache 2.0| -|Deprecated|1.2.15|MIT| +|coverage|7.6.12|Apache 2.0| +|Deprecated|1.2.18|MIT| |deprecation|2.1.0|Apache 2.0| |distlib|0.3.9|Python Software Foundation License| |exceptiongroup|1.2.2|MIT| -|filelock|3.16.1|The Unlicense (Unlicense)| +|filelock|3.17.0|The Unlicense (Unlicense)| |frozenlist|1.5.0|Apache 2.0| |grpc-stubs|1.53.0.5|MIT| |grpcio|1.64.1|Apache 2.0| |grpcio-tools|1.64.1|Apache 2.0| -|identify|2.6.2|MIT| +|identify|2.6.9|MIT| |idna|3.10|BSD| |importlib-metadata|7.1.0|Apache 2.0| |iniconfig|2.0.0|MIT| |multidict|6.1.0|Apache 2.0| -|mypy|1.13.0|MIT| +|mypy|1.15.0|MIT| |mypy-extensions|1.0.0|MIT| |mypy-protobuf|3.6.0|Apache 2.0| |nodeenv|1.9.1|BSD| @@ -47,29 +47,27 @@ |pip-tools|7.4.1|BSD| |platformdirs|4.3.6|MIT| |pluggy|1.5.0|MIT| -|pre-commit|4.0.1|MIT| -|propcache|0.2.0|Apache 2.0| +|pre-commit|4.1.0|MIT| +|propcache|0.3.0|Apache 2.0| |protobuf|5.27.2|Google License| -|pyproject-api|1.8.0|MIT| +|pyproject-api|1.9.0|MIT| |pyproject-hooks|1.2.0|MIT| -|pytest|8.3.3|MIT| -|pytest-asyncio|0.24.0|Apache 2.0| +|pytest|8.3.5|MIT| +|pytest-asyncio|0.25.3|Apache 2.0| |pytest-cov|6.0.0|MIT| -|pytz|2024.2|MIT| |PyYAML|6.0.2|MIT| |setuptools|65.5.1|MIT| -|six|1.16.0|MIT| -|tomli|2.1.0|MIT| -|tox|4.23.2|MIT| -|types-Deprecated|1.2.15.20241117|Apache 2.0| -|types-mock|5.1.0.20240425|Apache 2.0| -|types-protobuf|5.28.3.20241030|Apache 2.0| +|tomli|2.2.1|MIT| +|tox|4.24.2|MIT| +|types-deprecated|1.2.15.20250304|Apache 2.0| +|types-mock|5.2.0.20250306|Apache 2.0| +|types-protobuf|5.29.1.20250208|Apache 2.0| |typing-extensions|4.12.2|Python Software Foundation License| -|tzlocal|5.2|MIT| -|virtualenv|20.27.1|MIT| -|wheel|0.45.0|MIT| -|wrapt|1.16.0|BSD| -|yarl|1.17.2|Apache 2.0| +|tzlocal|5.3.1|MIT| +|virtualenv|20.29.3|MIT| +|wheel|0.45.1|MIT| +|wrapt|1.17.2|BSD| +|yarl|1.18.3|Apache 2.0| |zipp|3.21.0|MIT| ## Workflows | Dependency | Version | License | From fa12cdd245d993728bed9ba52d0c0d96e0be548f Mon Sep 17 00:00:00 2001 From: Markus Petke Date: Mon, 10 Mar 2025 12:21:52 +0000 Subject: [PATCH 07/11] fix review findings --- .github/workflows/project-creation.yaml | 2 +- README.md | 12 ------------ examples/seat-adjuster/requirements.in | 1 - examples/seat-adjuster/requirements.txt | 6 ++---- 4 files changed, 3 insertions(+), 18 deletions(-) diff --git a/.github/workflows/project-creation.yaml b/.github/workflows/project-creation.yaml index 764eb039..7778a6a0 100644 --- a/.github/workflows/project-creation.yaml +++ b/.github/workflows/project-creation.yaml @@ -50,7 +50,7 @@ jobs: with: repository: eclipse-velocitas/cli path: cli - ref: v0.11.0 + ref: v0.13.1 - name: Checkout SDK repo uses: actions/checkout@v4 diff --git a/README.md b/README.md index bee32325..91e3fd81 100644 --- a/README.md +++ b/README.md @@ -75,18 +75,6 @@ Update `velocitas-sdk` version number in the following files: * `examples/seat-adjuster/requirements-velocitas.txt` Use the version number intended to be used for the release. -As the version has not yet been released, an error in Continuous Integration for the -[Project creation](https://github.com/eclipse-velocitas/vehicle-app-python-sdk/actions/workflows/project-creation.yaml) -workflow is expected. - -``` -Running post init hook for 'sdk-installer' -Running 'run'... -ExecExitError: Program returned exit code: 1 -``` - -It is recommended to test locally if the not yet released SDK is compatible with the Seat Adjuster example and then merge the changes -even if Continuos Integration fails. 2. Tag the commit and upload to GitHub diff --git a/examples/seat-adjuster/requirements.in b/examples/seat-adjuster/requirements.in index b7af1465..406f6978 100644 --- a/examples/seat-adjuster/requirements.in +++ b/examples/seat-adjuster/requirements.in @@ -16,4 +16,3 @@ grpcio==1.64.1 protobuf==5.27.2 cloudevents==1.11.0 aiohttp==3.10.11 -packaging==24.1 diff --git a/examples/seat-adjuster/requirements.txt b/examples/seat-adjuster/requirements.txt index 384aac05..59a89fa4 100644 --- a/examples/seat-adjuster/requirements.txt +++ b/examples/seat-adjuster/requirements.txt @@ -30,10 +30,8 @@ multidict==6.1.0 # via # aiohttp # yarl -packaging==24.1 - # via - # -r requirements.in - # deprecation +packaging==24.2 + # via deprecation propcache==0.3.0 # via yarl protobuf==5.27.2 From 081c5418c9ad4126c13d819dc0c98a24157ffdc1 Mon Sep 17 00:00:00 2001 From: Markus Petke Date: Mon, 10 Mar 2025 12:40:09 +0000 Subject: [PATCH 08/11] update test requirements --- .../.skeleton/tests/requirements.txt | 18 +++++++++--------- examples/seat-adjuster/tests/requirements.txt | 18 ++++++++---------- 2 files changed, 17 insertions(+), 19 deletions(-) diff --git a/.project-creation/.skeleton/tests/requirements.txt b/.project-creation/.skeleton/tests/requirements.txt index 41de5d00..a68334c4 100644 --- a/.project-creation/.skeleton/tests/requirements.txt +++ b/.project-creation/.skeleton/tests/requirements.txt @@ -4,31 +4,31 @@ # # pip-compile # -coverage[toml]==7.3.2 +coverage[toml]==7.6.12 # via pytest-cov -exceptiongroup==1.1.3 +exceptiongroup==1.2.2 # via pytest iniconfig==2.0.0 # via pytest -packaging==23.2 +packaging==24.2 # via pytest -pluggy==1.3.0 +pluggy==1.5.0 # via pytest -pytest==7.4.2 +pytest==8.3.5 # via # -r requirements.in # pytest-asyncio # pytest-cov # pytest-ordering -pytest-asyncio==0.21.1 +pytest-asyncio==0.25.3 # via -r requirements.in -pytest-cov==4.1.0 +pytest-cov==6.0.0 # via -r requirements.in pytest-ordering==0.6 # via -r requirements.in -tomli==2.0.1 +tomli==2.2.1 # via # coverage # pytest -types-mock==5.1.0.2 +types-mock==5.2.0.20250306 # via -r requirements.in diff --git a/examples/seat-adjuster/tests/requirements.txt b/examples/seat-adjuster/tests/requirements.txt index 7371cfe1..a68334c4 100644 --- a/examples/seat-adjuster/tests/requirements.txt +++ b/examples/seat-adjuster/tests/requirements.txt @@ -4,33 +4,31 @@ # # pip-compile # -coverage[toml]==7.6.0 - # via - # coverage - # pytest-cov +coverage[toml]==7.6.12 + # via pytest-cov exceptiongroup==1.2.2 # via pytest iniconfig==2.0.0 # via pytest -packaging==24.1 +packaging==24.2 # via pytest pluggy==1.5.0 # via pytest -pytest==8.3.2 +pytest==8.3.5 # via # -r requirements.in # pytest-asyncio # pytest-cov # pytest-ordering -pytest-asyncio==0.23.8 +pytest-asyncio==0.25.3 # via -r requirements.in -pytest-cov==5.0.0 +pytest-cov==6.0.0 # via -r requirements.in pytest-ordering==0.6 # via -r requirements.in -tomli==2.0.1 +tomli==2.2.1 # via # coverage # pytest -types-mock==5.1.0.20240425 +types-mock==5.2.0.20250306 # via -r requirements.in From 338135ef86071ae9432fb3603d37e855c7150429 Mon Sep 17 00:00:00 2001 From: Markus Petke Date: Mon, 10 Mar 2025 14:29:23 +0000 Subject: [PATCH 09/11] fix requirements --- .project-creation/templates/requirements.in | 10 ++++------ 1 file changed, 4 insertions(+), 6 deletions(-) diff --git a/.project-creation/templates/requirements.in b/.project-creation/templates/requirements.in index a0975060..741d5fc2 100644 --- a/.project-creation/templates/requirements.in +++ b/.project-creation/templates/requirements.in @@ -20,9 +20,7 @@ ########################################## # Development Tools Packages ########################################## -grpcio-tools==1.59.0 -grpc-stubs==1.53.0.5 -mypy-protobuf==3.5.0 -pre-commit==3.6.0 -mypy==1.8.0 -pip-tools==7.3.0 +mypy-protobuf +pre-commit +mypy +pip-tools From 15a24cc1ff765fe958be022e915a506e9fed0794 Mon Sep 17 00:00:00 2001 From: Markus Petke Date: Tue, 11 Mar 2025 10:53:26 +0100 Subject: [PATCH 10/11] fix readme and comment --- .github/workflows/project-creation.yaml | 9 +++++---- README.md | 15 +++++++++------ 2 files changed, 14 insertions(+), 10 deletions(-) diff --git a/.github/workflows/project-creation.yaml b/.github/workflows/project-creation.yaml index 7778a6a0..f7fa43ad 100644 --- a/.github/workflows/project-creation.yaml +++ b/.github/workflows/project-creation.yaml @@ -92,10 +92,11 @@ jobs: CREATE_ARGS="-e ${{ matrix.example }}" fi velocitas create -c vapp-core-python $CREATE_ARGS - # Velocitas CLI fetches an older released version of the example - # This is caused by vehicle-app-template that downloads latest tagged version of pkg-velocitas-main - # and then the SDK version mentioned in components/cores/vapp-python/.project-creation/config.json - # will be used. + + # Velocitas CLI does not fetch the latest released version of the example. + # This is caused by vehicle-app-template that downloads latest tagged version of pkg-velocitas-main, + # which then uses the latest tagged SDK or the version mentioned in + # components/cores/vapp-python/.project-creation/config.json if no tags are found. # But we want to check the one in this repository so lets copy it if [ "${{ matrix.example }}" != "no-example" ]; then cp -r ../sdk/examples/${{ matrix.example }}/* ../app/app diff --git a/README.md b/README.md index 91e3fd81..5fa88c96 100644 --- a/README.md +++ b/README.md @@ -76,16 +76,19 @@ Update `velocitas-sdk` version number in the following files: Use the version number intended to be used for the release. -2. Tag the commit and upload to GitHub +2. Create a PR with the required changes -Create a tag of the form `vX.Y.X` and upload to the repository. +> Note: The [project creation workflow](https://github.com/eclipse-velocitas/vehicle-app-python-sdk/actions/workflows/project-creation.yaml) will fail, since the new tag is required by the workflow but not yet available. Since these checks are not mandatory to be able to merge the PR, you can still release your changes. + +3. Once the PR is merged: Tag the commit and upload to GitHub + +Create a release in the GitHub UI and use the new tag of the form `vX.Y.X`. That will trigger the [release](https://github.com/eclipse-velocitas/vehicle-app-python-sdk/actions/workflows/release.yaml) workflow. -If the action is successfully executed a new [GitHub release](https://github.com/eclipse-velocitas/vehicle-app-python-sdk/releases) shall have been created as well as as -a new version of `velocitas-lib` published in [PyPI](https://pypi.org/project/velocitas-sdk/). +If the action is successfully executed a new version of `velocitas-lisdkb` is published in [PyPI](https://pypi.org/project/velocitas-sdk/). -3. Re-run project creation tests +4. Re-run project creation tests -Now, when the updated [PyPI](https://pypi.org/project/velocitas-sdk/) package exists, the [Project creation](https://github.com/eclipse-velocitas/vehicle-app-python-sdk/actions/workflows/project-creation.yaml) workflow is expected to succeed if run manually for `main`. +Now, when the updated [PyPI](https://pypi.org/project/velocitas-sdk/) package exists, the [project creation workflow](https://github.com/eclipse-velocitas/vehicle-app-python-sdk/actions/workflows/project-creation.yaml) is expected to succeed if run manually for `main`. If not you need to troubleshoot why it doesn't. ### Updating Dependencies From f62ebab639f3a4aa3e8e7e7bb7cb97bceac87847 Mon Sep 17 00:00:00 2001 From: Markus Petke Date: Tue, 11 Mar 2025 10:05:47 +0000 Subject: [PATCH 11/11] fix typo --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 5fa88c96..37aa5ee5 100644 --- a/README.md +++ b/README.md @@ -84,7 +84,7 @@ Use the version number intended to be used for the release. Create a release in the GitHub UI and use the new tag of the form `vX.Y.X`. That will trigger the [release](https://github.com/eclipse-velocitas/vehicle-app-python-sdk/actions/workflows/release.yaml) workflow. -If the action is successfully executed a new version of `velocitas-lisdkb` is published in [PyPI](https://pypi.org/project/velocitas-sdk/). +If the action is successfully executed a new version of `velocitas-sdk` is published in [PyPI](https://pypi.org/project/velocitas-sdk/). 4. Re-run project creation tests